SOCKS Proxies

SOCKS is an Internet protocol which presents a special kind of proxy server. The default port for SOCKS proxies is 1080, but they may also be available on other ports. The practical difference to normal HTTP proxies is that SOCKS proxies work not only for Web browsing, but also for other applications like video games, file transfer or instant messenger clients. Similar to a VPN, they work as a secure tunnel.

Common SOCKS versions include 4, 4a and 5. The version 4 always needs the IP address to create a connection, so the DNS resolution still has to take place on the client. This make it useless for many circumvention needs. Version 4a usually uses hostnames. Version 5 includes newer techniques such as authentication, UDP and IPv6, but it often uses IP addresses, so it might also not be the perfect solution. See also the section "DNS leaks" at the end of this chapter.

A variety of software can take advantage of a SOCKS proxy to bypass filters or other restrictions not only Web browsers, but also other Internet software like instant messaging and e-mail applications.

Although public SOCKS proxies do exist, in many cases SOCKS proxies will run locally on your computer, and will be provided by a software application. Because SOCKS tunnels are so flexible, some censorship circumvention software creates a local proxy running on your own computer (which is usually referred to by the name localhost or the IP address 127.0.0.1). This local proxy is a way to let applications such as a Web browser take advantage of the circumvention software. Tools that can work in this way include Tor, Your-Freedom and SSH tunnels set up with PuTTY.

Local proxy enthusiast T-shirt (get it?)

In order to use an application proxy for circumventing censorship, you must tell software on your computer that you want to use that proxy when communicating with other systems on the Internet.

Some Internet applications don't ordinarily work with a proxy because their developers didn't create them with proxy support. However, many of these applications can be made to work with a SOCKS proxy using socksifier software. Some examples of such software include:

Configuring your applications

In most cases configuring applications to use a SOCKS proxy is done in much the same way as configuring them to use HTTP proxies. Applications that support SOCKS proxies will have a separate entry in the menu or configuration dialog where HTTP proxies are configured which let you configure a SOCKS proxy. Some applications will ask you to choose between SOCKS 4 and SOCKS 5 proxy settings; in most cases SOCKS 5 is the better option, although some SOCKS proxies may only work with SOCKS 4.

Some applications, such as Mozilla Firefox, will allow you to configure both an HTTP proxy and a SOCKS proxy at the same time. In this case, normal web-browsing will happen through the HTTP proxy, and Firefox may use the SOCKS proxy for other traffic such as streaming video.

Clear "Use the same proxy server for all protocols" if it is selected:

Enter the proxy address to use and port number in the Socks row and click OK:

Now Internet Explorer is configured to use a SOCKS proxy.

Configuring a SOCKS proxy for other applications

Many Internet applications other than Web browsers can use a SOCKS proxy to connect to the Internet, potentially bypassing blocking. Here is an example with the instant messaging software Pidgin. This is a typical example, but the exact sequence of steps to configure some other application to use a SOCKS proxy would be slightly different.

When you're done with the proxy

When you are done using a proxy, particularly on a shared computer, return the settings you've changed to their previous values. Otherwise, those applications will continue to try to use the proxy. This could be a problem if you don't want people to know that you were using the proxy or if you were using a local proxy provided by a particular circumvention application that isn't running all the time.

DNS leaks

One important problem with SOCKS proxies is that some applications that support the use of SOCKS proxies may not use the proxy for all their network communications. The most common problem is that Domain Name System (DNS) requests may be made without going through the proxy. This DNS leak can be a privacy problem and can also leave you vulnerable to DNS blocking, which a proxy could otherwise have circumvented. Whether an application is vulnerable to DNS leaks may vary from version to version. Mozilla Firefox is currently vulnerable to DNS leaks in its default configuration, but you can avoid these by making a permanent configuration change to prevent DNS leaks:

In the Firefox address bar, enter about:config as if it were a URL (you may see a warning about changing advanced settings):

If necessary, click "I'll be careful, I promise!" to confirm that you want to modify your browser settings. The browser displays a list of configuration settings information.

In the Filter field, enter network.proxy.socks_remote_dns. Only that setting is displayed:

If this setting has the value false, double-click it to change its value to true.

Firefox is now configured to avoid DNS leaks. Once the value is displayed as true, this setting is automatically saved permanently.

There is no documented way to prevent DNS leaks within Microsoft Internet Explorer, without using an external program.

At the time of this writing there are no known DNS leaks in Pidgin when configured to use a SOCKS 5 proxy.